From: Anoop Saldanha
Date: Mon, 23 Apr 2012 08:16:34 +0000 (+0530)
Subject: fix detection filter. Had one extra alert than normal previously, now fixed
X-Git-Tag: suricata-1.3beta2~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b899146229def1aefa6fcec1cf8022c1e011e215;p=thirdparty%2Fsuricata.git
fix detection filter. Had one extra alert than normal previously, now fixed
---
diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c
index 0023bcc976..88040e8750 100644
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@@ -327,7 +327,7 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3
 /* within timeout */
 lookup_tsh->current_count++;
- if (lookup_tsh->current_count >= td->count) {
+ if (lookup_tsh->current_count > td->count) {
 ret = 1;
 }
 } else {
@@ -335,16 +335,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3
 lookup_tsh->tv_sec1 = p->ts.tv_sec;
 lookup_tsh->current_count = 1;
-
- if (td->count == 1) {
- ret = 1;
- }
 }
 } else {
- if (td->count == 1) {
- ret = 1;
- }
-
 DetectThresholdEntry *e = DetectThresholdEntryAlloc(td, p, sid, gid);
 if (e == NULL) {
 break;
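Review bot: The boundary at `if (lookup_tsh->current_count > td->count) {` carries the whole semantic of the keyword but has no comment, so a later reader could easily "correct" it back to `>=`. I would add a line above the comparison such as `/* detection_filter: alert only once more than td->count matches were seen inside the window */`. The same comparison means a rule with a count of 0 would alert on the second match in a window while the first match goes through the reset or new-entry path; whether the keyword parser rejects 0 is not visible here and is worth confirming. ThresholdHandlePacketHost starts and ends outside the hunk.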
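Review bot: With both `if (td->count == 1)` branches removed, the first match in a new or expired window no longer sets `ret = 1` in the visible lines, so deployed rules written with `count 1` lose one alert per window. That agrees with the `>` comparison in the first hunk, but it is a change in detection coverage that the one-line commit message does not spell out; the keyword documentation should state that alerting starts at match count+1. No unit test is touched in this diff, so I would add one that pins no alert on match number count, an alert on count+1, and the same again after the window expires. The rest of the new-entry branch is outside the hunk, so this assumes `ret` is not set further down.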